Sharing our experience. Once our company upgraded the OKTA classic to the OKTA Identity Engine (OIE) we started facing failures with the authentication with the ODBC driver into our Snowflake account.

The error message was

Client driver fail to connect via Okta SSO - with 'Saml Assertion did not match' & 'post back=/login/cert' messages 

We checked, and it was not a problem with QLIK Replicate because we were not able to connect directly by creating a direct connection with ODBC. 

We found the following articles reporting the issue

https://community.snowflake.com/s/article/client-driver-fail-to-connect-via-Okta-SSO-Saml-Assertion-...

https://support.okta.com/help/s/article/Snowflake-ODBC-Connector-Compatibilitywhen-Upgrading-from-Ok...

Both articles suggest upgrading the driver to its latest version, which is a good solution but, in some cases, only a partial solution.

To know the latest version of the driver supporting OIE, check the following link 

https://community.snowflake.com/s/article/client-versions-that-support-okta-identity-engine-oie

and for the latest updates of the drivers

ODBC - https://community.snowflake.com/s/article/ODBC-Driver-Release-Notes

JDBC - https://community.snowflake.com/s/article/JDBC-Driver-Release-Notes

There is an extra step that solves the problem in many cases. The problem is that when you upgrade OKTA, in some cases, it forces the service accounts (user accounts) to set up the security profile (all security questions and so on). For that reason, when ODBC tries to connect, they are prompted with the form, which is not what the driver expects. It makes the driver fail. The solution is to log in with the service account first, set up the security profile and try again.

I hope it works in your case!